package com.zy.springSecurity.confing;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;

import javax.sql.DataSource;

/**
 * @Author: zy 690748807@qq.com
 * @Param:
 * @return:
 * @Date: 2024/1/27
 * @Description: 拦截器重写接口内容
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)//给方法设置权限的注解（开启）
public class AppWebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    DataSource dataSource;
    @Autowired
    UserDetailsService userDetailsService;//用户详情查询服务组件的接口
    @Autowired
   PasswordEncoder passwordEncoder;//安全框架的密码编码器

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //super.configure(auth);//默认的认证
        //基于内存的认证方式
      /*  auth.inMemoryAuthentication().withUser("zhangsan").password("1").authorities("罗汉拳")
                .and()
                .withUser("cc").password("1").authorities("haha")
                .and()
                .withUser("lisi").password("1").roles("学徒工")
                .and()
                .withUser("aa").password("1").roles("宗师")
                .and()
                .withUser("bb").password("1").roles("大师");
       */

        //auth.jdbcAuthentication().usersByUsernameQuery("zhangsan");//使用默认的查询用户语句
//        auth.userDetailsService(userDetailsService);//使用数据库认证---》组件接口
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);//没有加盐的加密方式

//auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());//有加盐的加密方式

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // super.configure(http);//默认----所以页面都拦截
        //方式一：http.authorizeRequests()
        //.antMatchers("/layui/**","/index.jsp").permitAll() //设置匹配的资源放行
        //.anyRequest().authenticated(); //剩余任何资源必须认证
        //实验一：授权：对首页和静态页放行其他页面拦截
       /* http.authorizeRequests().antMatchers("/layui/**","/index.jsp").permitAll()
                .anyRequest().authenticated();*/
        //实验六：授权访问
        http.authorizeRequests().antMatchers("/layui/**", "/index.jsp").permitAll()
//                .antMatchers("/leve4/**").hasAuthority("haha")
//                .antMatchers("/level1/**").hasRole("学徒")
//                .antMatchers("/level2/**").hasRole("宗师")
//                .antMatchers("/level3/**").hasRole("大师")
                .anyRequest().authenticated();//剩余的都可以访问


        // http.formLogin();//没权限就会跳到默认的登陆页
        http.formLogin().loginPage("/index.jsp")
                .loginProcessingUrl("/index.jsp")
                .usernameParameter("loginacct")
                .passwordParameter("userpswd")
                .defaultSuccessUrl("/main.html");
        // http.csrf().disable();//禁用csrf
        http.logout().logoutUrl("/logout").logoutSuccessUrl("/index.jsp");
        //报403的友好页面
        http.exceptionHandling().accessDeniedPage("/unauth.html");
        //开启记住我   内存版---cookie方式
//        http.rememberMe();
        JdbcTokenRepositoryImpl ptr = new JdbcTokenRepositoryImpl();
        ptr.setDataSource(dataSource);
        http.rememberMe().tokenRepository(ptr);//基于数据库存储记住我

        //基于数据的的查询然后认证---->需要关闭缓存认证
        //todo
    }
}